CN110210211B - Data protection method and computing equipment - Google Patents

Data protection method and computing equipment Download PDF

Info

Publication number
CN110210211B
CN110210211B CN201910485699.8A CN201910485699A CN110210211B CN 110210211 B CN110210211 B CN 110210211B CN 201910485699 A CN201910485699 A CN 201910485699A CN 110210211 B CN110210211 B CN 110210211B
Authority
CN
China
Prior art keywords
character
target data
application
data
stored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201910485699.8A
Other languages
Chinese (zh)
Other versions
CN110210211A (en
Inventor
侯丛政
邓晓
钟伟
柴江朋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zendai Up Financial Information Service Co ltd
Original Assignee
Beijing Zendai Up Financial Information Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zendai Up Financial Information Service Co ltd filed Critical Beijing Zendai Up Financial Information Service Co ltd
Priority to CN201910485699.8A priority Critical patent/CN110210211B/en
Publication of CN110210211A publication Critical patent/CN110210211A/en
Application granted granted Critical
Publication of CN110210211B publication Critical patent/CN110210211B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data protection method and computing equipment, wherein the computing equipment stores target data of an application, and the method comprises the following steps: receiving a request for acquiring target data sent from an application; judging whether the application is in a dynamic debugging mode, if so, returning false data, wherein the false data is data different from the target data; if the dynamic debugging mode is not the dynamic debugging mode, verifying the application signature, and if the verification fails, returning false data; and if the verification is passed, returning the stored target data.

Description

Data protection method and computing equipment
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data protection method and a computing device.
Background
In the process of application development and operation, data of an application, such as a secret key, is required to be stored locally, the security of the data stored locally is not high, and particularly, applications such as shopping and banking affairs threaten the personal and property security of users once the data stored locally is decoded. In the prior art, a method for protecting locally stored data generally adopts a public encryption algorithm, but encrypted data is still easy to crack.
Disclosure of Invention
In view of the above, the present invention has been developed to provide a method, apparatus and computing device for data protection that seek to solve, or at least mitigate, the above-identified problems.
According to an aspect of the present invention, there is provided a method of data protection, performed in a computing device storing target data of an application, the method comprising: receiving a request for acquiring target data sent from an application; judging whether the application is in a dynamic debugging mode, if so, returning false data, wherein the false data is data different from the target data; if the dynamic debugging mode is not the dynamic debugging mode, verifying the application signature, and if the verification fails, returning false data; and if the verification is passed, returning the stored target data.
Optionally, in the method for data protection according to the present invention, the target data segment is stored in a computing device, and the step of returning the stored target data includes: acquiring data stored in a segmented mode, and splicing the acquired data to generate target data; and returning the generated target data.
Optionally, in the method of data protection according to the present invention, the target data segment is stored in application code, a resource file, and a dynamic link library.
Optionally, in the method for protecting data according to the present invention, the computing device further stores a code table, the code table includes a plurality of entries, each entry includes a correspondence between a main code and a character sequence, all main codes constitute a character range that is the same as a character range of the target data, the character sequence associated with the main code includes all characters in the character range except for the main code, all the character sequences constitute a character matrix, any column of the character matrix has no repeated character, and the method further includes, before the target data is stored in the computing device, encoding the target data by: for each character in the target data, acquiring a position number m of the character in the target data; acquiring a row number n of the character in the m-th column of the character matrix, and taking a main code of the n-th row of the character matrix as an encoded character of the character; and all the coded characters are connected in series to obtain coded target data.
Optionally, in the method for data protection according to the present invention, the stored target data is returned as decoded target data, and the method further includes a step of decoding the encoded target data: for each character in the encoded target data, acquiring a character sequence associated with the character from a code table; according to the position of the character in the encoded target data, finding the character at the corresponding position in the character sequence as a decoded character; and all decoded characters are connected in series to obtain decoded target data.
Optionally, in the method for protecting data according to the present invention, the step of determining whether the application is in a dynamic debug mode includes: respectively acquiring the system time of the start and the end of the application operation, and calculating the difference value of the two system times; and if the difference value of the system time is larger than a preset threshold value, judging that the application is in a dynamic debugging mode, otherwise, judging that the application is not in the dynamic debugging mode.
Optionally, in the method for protecting data according to the present invention, the step of determining whether the application is in a dynamic debug mode includes: acquiring state information of a process for running an application, wherein the state information comprises a TracerPid value; and if the TracerPid value is not zero, judging that the application is in Ptrace dynamic debugging, and if the TracerPid value is zero, judging that the application is not in Ptrace dynamic debugging.
Optionally, in the method for data protection according to the present invention, the target data is a key of an application.
According to another aspect of the invention, there is provided a computing device comprising: at least one processor; and a memory storing program instructions, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the program instructions comprising instructions for performing the above-described method.
According to yet another aspect of the present invention, there is provided a readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the above-described method.
According to the data protection scheme, when a request for acquiring target data sent by an application is received, whether the application is in a dynamic debugging mode is judged, if yes, false data is returned to confuse a interpreter, and the safety of locally storing the application data is improved.
In addition, the data needing to be protected is encrypted by adopting a new encryption algorithm, so that the safety of locally storing the application data is further increased.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 shows a schematic diagram of an application scenario of the present invention;
FIG. 2 shows a block diagram of a computing device 200, according to one embodiment of the invention;
FIG. 3 shows a flow diagram of a method 300 of data protection according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 shows a schematic diagram of an application scenario of the present invention. As shown in fig. 1, in the application scenario, an application (or a client) needs to interact with a server, for example, the application sends an http request to the server, and the server performs corresponding processing according to the http request and then sends an http response to the application. In order to improve security, when an application sends an HTTP request to a server, a well-agreed key is carried in a request header. The server will respond to the application's request only if the key is correct, and if the key is incorrect, the server will treat the application's request as an illegal request and not respond. Before an application sends a request to a server, a key stored in a computing device is acquired from the local, and an application program interface for calling the acquired key is put into request Headers. Therefore, if a translator tries to send a request to the server, but cannot acquire the locally stored key, the key translation for the application cannot be realized because the application program interface for acquiring the key cannot be put in the request header.
The key of the application stored locally is usually encrypted through an encryption algorithm, the encrypted logic can be acquired by a cracker through various modes, and common cracking modes can be divided into static analysis and dynamic debugging. Static analysis is to analyze the location and manner of encryption by decompiling, viewing program source code in conjunction with tool, and in conjunction with application operations. The dynamic debugging means that a debugger tracks the running of an application program by using a debugger in an integrated environment (IDE) and analyzes the encrypted logic by analyzing the running state of the application and checking the running state of the application. Therefore, if the application key cannot be obtained in a dynamic debugging manner, the key stored locally will be at a greater risk.
Aiming at the problems, when a request for acquiring the locally stored data is received, the dynamic debugging is identified, the application signature and the instruction signature are verified, and for the application which is debugging or fails in signature verification, false data is returned to confuse a interpreter, so that the difficulty of interpretation is increased, and the safety of the data in local storage is improved. And the encrypted ciphertext is stored in different parts of the application program installation package in a segmented manner, and a new encryption algorithm is adopted, so that the difficulty of a decipherer in obtaining the ciphertext is further increased, and the safety of locally stored data is protected.
In accordance with the above-described principle of obtaining a locally stored key, a method of data protection according to an embodiment of the present invention is described below. It should be noted that the locally stored data to be protected may be other data besides the key of the application, for example, an address book, a memo, an electronic file, and the like.
The method for protecting data of the embodiment of the invention can be executed in computing equipment. FIG. 2 shows a block diagram of a computing device 200, according to one embodiment of the invention. As shown in FIG. 3, in a basic configuration 202, a computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, the processor 204 may be any type of processing, including but not limited to: a microprocessor (μ P), a microcontroller (μ C), a Digital Signal Processor (DSP), or any combination thereof. The processor 204 may include one or more levels of cache, such as a level one cache 210 and a level two cache 212, a processor core 214, and registers 216. The example processor core 214 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core, any combination thereof. the example memory controller 218 may be used with the processor 204, or in some implementations, the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, system memory 206 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 206 may include an operating system 220, one or more applications 222, and program data 224. The application 222 is actually a plurality of program instructions that direct the processor 204 to perform corresponding operations. In some embodiments, application 222 may be arranged to cause processor 204 to operate with program data 224 on an operating system. The program data 224 comprises instructions, and in the computing device 200 according to the invention the program data 224 comprises instructions for performing the method 300 of data protection.
Computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via the bus/interface controller 230. The example output device 242 includes a graphics processing unit 248 and an audio processing unit 250. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more a/V ports 252. Example peripheral interfaces 244 can include a serial interface controller 254 and a parallel interface controller 256, which can be configured to facilitate communications with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 258. An example communication device 246 may include a network controller 260, which may be arranged to facilitate communications with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
The method of data protection of an embodiment of the present invention may be performed in a computing device as shown in fig. 2. FIG. 3 illustrates a flow diagram of a method 300 of data protection according to one embodiment of the invention, in one implementation, the method 300 is performed by an operating system of a computing device. Referring to FIG. 3, the method 300 begins at step S310, where a request to obtain target data sent from an application is received at step S310. Here, the target data may be a key of the application, or may be other data that needs to be protected. Typically, the operating system provides an Application Programming Interface (API) for applications that may request to obtain target data by calling the API.
And when the operating system receives a request of target data sent from an application, the operating system calls a method for acquiring the target data from the API to acquire the target data stored in the local. The application running in the execution environment may request to obtain the target data for the locally stored target data, or for some other service that results in data that needs to be locally stored, which is not limited by the present invention.
According to one embodiment of the invention, the target data is stored locally in an encrypted manner, that is, the ciphertext obtained by encoding the target data is stored locally. The embodiment of the invention provides a new encryption (coding) mode, which is to encode target data according to a code table and take the position information of characters in the target data as an encryption rule. In this way, the difficulty of deciphering the password by the decipherer can be improved. The code table comprises a plurality of table entries, each table entry comprises a corresponding relation between a main code and a character sequence (the main code in the code table is unique, namely the main codes in different table entries are different), and the character range formed by all the main codes is the same as the character range of the target data. The character range of the target data means that each bit of the target data can only be taken from a certain character in the character range;
meanwhile, the character sequence associated with the main code includes all characters in the character range except for the main code. All character sequences of the code table constitute a character matrix, and any column of the character matrix has no repeated characters.
There are various ways to implement the code table, and one of them is a cyclic shift. For example, if the character range of the target data is { a, b, c, d, e }, the following code table 1 can be generated.
Code table 1: a (b c d e)
b(c d e a)
c(d e a b)
d(e a b c)
e(a b c d)
Each row of the code table is an entry, and each entry represents the corresponding relationship between the main code and its corresponding character sequence. As indicated by a (b c d e), the corresponding relationship between the main code a and its corresponding character sequence (b c d e) is shown. The character sequence does not contain the main code a, which contains all the characters in a-e except a.
All the character sequences corresponding to the main code form a character matrix, such as the character matrix 1. The matrix of the character matrix 1 is generated by a cyclic shift method. However, the character matrix may not be obtained by cyclic shift as long as the requirement of the character matrix that any column has no repeated character is satisfied. The invention does not limit the generation mode of the character matrix.
Character matrix 1:
Figure BDA0002085312500000081
the steps of encoding the target data according to the code table to generate the ciphertext are as follows:
firstly, for each character in target data, acquiring the position number m of the character in the target data, namely the number of bits of the character in the target data;
then, acquiring a row number n of the character in the m-th column of the character matrix, and taking the main code of the n-th row of the character matrix as the coded character of the character;
finally, after each character in the target data is processed according to the position sequence, all the coded characters are connected in series (namely connected in sequence) to obtain the coded target data.
For example, for target data ecea to be encoded, the position number of a first character e in the target data is 1, e in a 1 st column is a 4 th row of a character matrix, and a main code corresponding to the 4 th row is d, so that the first character of the encoded target data is d; the position number of the second character c in the target data is 2, c in the 2 nd column is the 1 st row of the character matrix, and the corresponding main code of the 1 st row is a, so that the second character of the coded target data is a; the position number of the third character e in the target data is 3, e in the 3 rd column is the 2 nd row of the character matrix, and the row 1 corresponds to the main code b, so that the third character of the encoded target data is b, and the fourth character of the encoded target data is b in the same way. And finally, all the coded characters are connected in series, and the coded ciphertext dabb can be obtained.
According to one embodiment of the invention, the ciphertext fragments may be stored in the computing device, and in particular, the ciphertext fragments may be stored in different portions of the local application installation package. Taking the Android system as an example, the ciphertext can be stored in an application code, a resource file and a so library, wherein the so file (namely a dynamic link library) in the so library is compiled by C or C + +, so that the difficulty of decoding the so file is higher, and the safety of local data storage is improved.
The ciphertext is stored in a segmented manner, for example, the encoded ciphertext is divided into four segments, namely d, a, b and b, d is stored in an application code, a is stored in a resource file, and a character bb is stored in a so library, wherein b is stored at a position 1 in the so library, and b is stored at a position 2 in the so library, so that the ciphertext can be stored in a segmented manner, the difficulty of a decipherer in obtaining the ciphertext is increased, a stronger encryption effect is obtained, and the local storage of data is protected.
The system receives a request sent from an application to obtain target data, which may be encoded ciphertext. Firstly, an Application Program Interface (API) requesting a native layer is defined, and the defined API can load a method for acquiring the ciphertext acquired by the native layer when being called, so that the ciphertext stored in the local can be acquired in the subsequent steps. Pseudo code defining an Application Program Interface (API) of a native layer may be as follows:
Figure BDA0002085312500000091
in the following step S320, it is determined whether the application is in the dynamic debug mode, and if the application is in the dynamic debug mode, false data is returned.
As described above, dynamically debugging a running application through a debugging tool, and checking the state of each step of the running application to analyze the logic of application encryption are important factors that pose a risk to application security. According to one embodiment of the present invention, by determining whether the running time of the application is greater than a predetermined condition, that is, the difference between the system time when the application starts running and the time when the application finishes running is greater than a predetermined threshold, it is determined that the application is in the dynamic debugging mode, otherwise, it is determined that the application is not in the dynamic debugging mode. The dynamic debugging mode detected according to the running time of the running application is a single-step debugging mode, and the pseudo code for judging whether the application is in the single-step debugging mode by the code can be as follows:
Figure BDA0002085312500000101
according to another embodiment of the present invention, it can also be determined whether the application is in the debug mode by detecting a procfs file system change. Procfs is an abbreviation for process file system (file system) that contains a dynamically generated file system at startup for accessing process information through the kernel. Through the procfs file system, the state information of the process can be fed back to the user space, and the state of the process can be changed due to dynamic debugging, so that whether the application is in a debugging mode can be judged by judging the state information of the process. According to an embodiment of the invention, when a process is tracked by using a Ptrace mode, a target process records who the target process is tracked, the numerical value of the TracerPid can be seen through viewing/proc/pid/status, when an application is not in dynamic debugging, the numerical value of the TracerPid is 0, the application is judged not to be in Ptrace dynamic debugging, and if the TracerPid is not 0, the application is judged to be in Ptrace dynamic debugging. The pseudo code to determine whether an application is in Ptrace mode may be as follows:
Figure BDA0002085312500000102
Figure BDA0002085312500000111
through the two different implementation modes, whether the application in operation is in the debugging mode or not is judged, and if yes, the system returns the false data with the same length as the target data. Thus, for a translator who attempts to break the key by adopting a debugging mode, the dummy data is used as the key, so that the translator stops continuing to break the key. That is, the method of the present invention can act to confuse the interpreter. Here, the dummy data may be a character sequence having the same length as the key, which may increase the confusion of the dummy data. The character range of the dummy data can be in the code table or outside the code table, the dummy data can be fixed or changed according to different requests, and the invention does not limit the dummy data.
In the following step S330, if the application is not in the dynamic debug mode, the application signature is checked, and if the check fails, dummy data is returned. The step of returning the dummy data is the same as that in step S320, and is not described herein. And when the application is not in the dynamic debugging mode, performing application signature verification on the application, and by verifying whether the signature of the application is consistent with the official signature or not, splicing and returning the character fragments of the ciphertext stored in different local places if the signature of the application is consistent with the official signature (mm ' miwen ' + xx ' in the pseudo code), and returning false data if the signature of the application is inconsistent with the official signature (nn ' jiashuju ' in the pseudo code). The pseudo code to verify the application signature may be as follows, where x is the character of the ciphertext stored at the different locations and y is the application signature:
Figure BDA0002085312500000112
Figure BDA0002085312500000121
in the following step S340, if the signature check passes, the stored target data is returned. When the application signature check passes, the segment-stored ciphertext is retrieved and assembled (mm "miwen" + xx in the pseudo-code). And then, decoding the ciphertext according to the code table to obtain decoded target data.
The specific steps of decoding are as follows:
firstly, for each character in the coded ciphertext, taking the character as a main code, and acquiring a character sequence associated with the main code from a code table;
then, according to the position of the character in the encoded target data (namely the character is the character of the digit of the target data), finding the character at the corresponding position in the character sequence as a decoded character;
and finally, all decoded characters are connected in series to obtain decoded target data.
For example, the process of decoding the encoded target data dabb is: according to the positions of the characters in the ciphertext and the corresponding relationship between the main code and the character sequences in the code table 1, finding out the corresponding character of the coded position of the character in the character sequence, for example, d corresponds to the character sequence (e a b c), because the position of d in the ciphertext is the first, the first character c of the corresponding character sequence is the first character after decoding, a corresponds to the character sequence (b c d e), because the position of a in the ciphertext is the second, the second character c of the corresponding character sequence is the second character after decoding, b corresponds to the character sequence (c d e a), because the position of b in the ciphertext is the third and the fourth, the third character e and the fourth character a of the corresponding character sequence are the third and the fourth character after decoding respectively, the decoded target data ecea is obtained by concatenating all the decoded characters together.
According to the technical scheme, when a request for acquiring the locally stored data is received, the dynamic debugging is identified, the application signature and the instruction signature are verified, and for the application which is debugging or fails in signature verification, false data is returned to confuse a interpreter, so that the difficulty of interpretation is increased, and the safety of the data in local storage is improved. And the encrypted ciphertext is stored in different parts of the application program installation package in a segmented manner, and a new encryption algorithm is adopted, so that the difficulty of a decipherer in obtaining the ciphertext is further increased, and the safety of locally stored data is protected.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, U.S. disks, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to execute the image source management method or the resource download method of the present invention according to instructions in the program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

Claims (8)

1. A method of data protection, executed in a computing device, the computing device storing target data of an application, the computing device further storing a code table, the code table including a plurality of entries, each entry including a correspondence between a primary code and a character sequence, all primary codes constituting a character range identical to a character range of the target data, the character sequence associated with the primary code including all characters in the character range except for the primary code, all the character sequences constituting a character matrix, any column of the character matrix having no repeated characters, the method comprising:
receiving a request sent from an application to obtain target data, wherein the target data is encoded before being stored in a computing device, specifically:
for each character in the target data, acquiring a position number m of the character in the target data;
acquiring a row number n of the character in the m-th column of the character matrix, and taking a main code of the n-th row of the character matrix as an encoded character of the character;
all the coded characters are connected in series to obtain coded target data, and the target data are stored in computing equipment in a segmented mode;
judging whether the application is in a dynamic debugging mode, if so, returning false data, wherein the false data is different from target data and has the same character sequence length as the target data;
if the dynamic debugging mode is not the dynamic debugging mode, verifying the application signature, and if the verification fails, returning false data;
returning the stored target data if the check passes, wherein the target data segment is stored in the computing device, the step of returning the stored target data comprising:
acquiring data stored in a segmented mode, and splicing the acquired data to generate target data;
and returning the generated target data.
2. The method of claim 1, wherein the target data segment is stored in application code, a resource file, and a dynamic link library.
3. The method of claim 2, wherein the stored target data is returned as decoded target data, the method further comprising the step of decoding the encoded target data:
for each character in the encoded target data, acquiring a character sequence associated with the character from a code table;
according to the position of the character in the encoded target data, finding the character at the corresponding position in the character sequence as a decoded character;
and all decoded characters are connected in series to obtain decoded target data.
4. The method of claim 1, wherein the determining whether the application is in a dynamic debug mode comprises:
respectively acquiring the system time of the start and the end of the application operation, and calculating the difference value of the two system times;
and if the difference value of the system time is larger than a preset threshold value, judging that the application is in a dynamic debugging mode, otherwise, judging that the application is not in the dynamic debugging mode.
5. The method of claim 1, wherein the determining whether the application is in a dynamic debug mode comprises:
acquiring state information of a process for running an application, wherein the state information comprises a TracerPid value;
and if the TracerPid value is not zero, judging that the application is in Ptrace dynamic debugging, and if the TracerPid value is zero, judging that the application is not in Ptrace dynamic debugging.
6. The method of any one of claims 1-5, wherein the target data is a key of an application.
7. A computing device, comprising:
one or more processors;
a memory; and
one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs comprising instructions for performing any of the methods of claims 1-6.
8. A computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed by a computing device, cause the computing device to perform any of the methods of claims 1-6.
CN201910485699.8A 2019-06-05 2019-06-05 Data protection method and computing equipment Expired - Fee Related CN110210211B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910485699.8A CN110210211B (en) 2019-06-05 2019-06-05 Data protection method and computing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910485699.8A CN110210211B (en) 2019-06-05 2019-06-05 Data protection method and computing equipment

Publications (2)

Publication Number Publication Date
CN110210211A CN110210211A (en) 2019-09-06
CN110210211B true CN110210211B (en) 2021-09-07

Family

ID=67791050

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910485699.8A Expired - Fee Related CN110210211B (en) 2019-06-05 2019-06-05 Data protection method and computing equipment

Country Status (1)

Country Link
CN (1) CN110210211B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110765470A (en) * 2019-09-19 2020-02-07 平安科技(深圳)有限公司 Method and device for realizing safety keyboard, computer equipment and storage medium
US11775681B2 (en) 2020-09-01 2023-10-03 Microsoft Technology Licensing, Llc Enforcement flow for pipelines that include entitlements
US11361106B2 (en) 2020-09-01 2022-06-14 Microsoft Technology Licensing, Llc Chaining, triggering, and enforcing entitlements
US20230281109A1 (en) * 2022-03-01 2023-09-07 Microsoft Technology Licensing, Llc Debugging data privacy pipelines using sample data
US11922145B2 (en) 2022-03-01 2024-03-05 Microsoft Technology Licensing, Llc Initiating data privacy pipelines using reusable templates

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105373734A (en) * 2014-09-01 2016-03-02 中兴通讯股份有限公司 Application data protection method and apparatus
CN107038373A (en) * 2017-04-28 2017-08-11 北京洋浦伟业科技发展有限公司 A kind of Process Debugging detection method and device
CN107103214A (en) * 2017-04-06 2017-08-29 海信集团有限公司 A kind of application program anti-debug method and device applied to android system
CN107169324A (en) * 2017-05-12 2017-09-15 北京理工大学 A kind of Android application reinforcement means based on dynamic encryption and decryption
CN107729766A (en) * 2017-09-30 2018-02-23 中国联合网络通信集团有限公司 Date storage method, method for reading data and its system
US10032026B1 (en) * 2013-07-30 2018-07-24 Palo Alto Networks, Inc. Static and dynamic security analysis of apps for mobile devices

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10032026B1 (en) * 2013-07-30 2018-07-24 Palo Alto Networks, Inc. Static and dynamic security analysis of apps for mobile devices
CN105373734A (en) * 2014-09-01 2016-03-02 中兴通讯股份有限公司 Application data protection method and apparatus
CN107103214A (en) * 2017-04-06 2017-08-29 海信集团有限公司 A kind of application program anti-debug method and device applied to android system
CN107038373A (en) * 2017-04-28 2017-08-11 北京洋浦伟业科技发展有限公司 A kind of Process Debugging detection method and device
CN107169324A (en) * 2017-05-12 2017-09-15 北京理工大学 A kind of Android application reinforcement means based on dynamic encryption and decryption
CN107729766A (en) * 2017-09-30 2018-02-23 中国联合网络通信集团有限公司 Date storage method, method for reading data and its system

Also Published As

Publication number Publication date
CN110210211A (en) 2019-09-06

Similar Documents

Publication Publication Date Title
CN110210211B (en) Data protection method and computing equipment
CN111052115B (en) Data processing apparatus and method of authentication depending on call path
US11281769B2 (en) Software integrity verification
EP2510474B1 (en) Steganographic messaging system using code invariants
US9602289B2 (en) Steganographic embedding of executable code
US20170116410A1 (en) Software protection
US9892661B2 (en) Steganographic embedding of hidden payload
JP7154365B2 (en) Methods for securing software code
US7493483B2 (en) Method to prevent vulnerability to virus and worm attacks through instruction remapping
TW201227394A (en) Security through opcode randomization
US10885516B2 (en) Secure validation using hardware security modules
JP6488954B2 (en) ENCRYPTED DATA PROCESSING METHOD, ENCRYPTED DATA PROCESSING SYSTEM, ENCRYPTED DATA PROCESSING DEVICE, AND ENCRYPTED DATA PROCESSING PROGRAM
US11256786B2 (en) Method to secure a software code
Kang et al. Softmark: software watermarking via a binary function relocation
JP3970856B2 (en) Program obfuscation device, program distribution system, computer program
US10552602B2 (en) System and method for protecting a device against attacks on processing flow using a code pointer complement
US20220156365A1 (en) Method to Secure a Software Code
EP2966587A1 (en) Method of protecting software program by corrupting memory chunks, and device for implementing said method
WO2023156571A1 (en) Protecting software
JP2009015434A (en) Portable information processor and information processing program
KR20100022853A (en) System and controlling method for data protection by memory relocation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210907

CF01 Termination of patent right due to non-payment of annual fee